CSRF prevention

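If you happen to be logged in to shop.com while you browse example.org, a page on example.org can make your browser send a request to shop.com with your session attached, so you'll make a purchase even if you don't want to.
The token method uses a randomly generated token that is stored in the user's session when the user
accesses the form page and is also placed in a hidden field on the form. When the form is submitted, the server compares the two values and rejects the request if they do not match; a page on another site cannot read the token, so it cannot submit a valid one.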
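<?php
session_start();

if (isset($_POST['btn_submit'])) {
    // Accept the request only if the posted token matches the one stored in the session.
    if (isset($_SESSION['token']) &&
        isset($_POST['token']) &&
        is_string($_POST['token']) &&
        hash_equals($_SESSION['token'], $_POST['token'])) { // constant-time comparison
        echo 'Accepted';
    } else {
        echo 'Denied';
    }
}

// Generate a fresh token from a cryptographically secure source for the form below.
$token = bin2hex(random_bytes(32));
$_SESSION['token'] = $token;
?>
<form method="POST">
    <input type="hidden" name="token" value="<?php echo $token; ?>" />
    <input type="submit" name="btn_submit"/>
</form>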
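
The same token check as reusable helpers, extended with single-use tokens and an expiry time; this is an added example, not code from the original page. The function names, the `csrf` session key and the 15-minute lifetime are assumptions, and `$session` is a constructed stand-in for `$_SESSION` so the script runs from the command line. Of the four checks in the demo, only the first is accepted.

```php
<?php
declare(strict_types=1);

// Added example: helper names, the session key and the lifetime are assumptions.
const CSRF_TTL = 900; // seconds a token stays valid (assumed value)

/** Store a fresh random token in the session store and return it for the hidden field. */
function csrf_issue(array &$session, ?int $now = null): string
{
    $token = bin2hex(random_bytes(32));
    $session['csrf'] = ['value' => $token, 'issued' => $now ?? time()];
    return $token;
}

/** Check a submitted token; the stored token is consumed so it cannot be replayed. */
function csrf_verify(array &$session, $submitted, ?int $now = null): bool
{
    $stored = $session['csrf'] ?? null;
    unset($session['csrf']);                       // single use, pass or fail
    if (!is_array($stored) || !is_string($submitted)) {
        return false;                              // nothing issued, or field missing / not a string
    }
    if (($now ?? time()) - $stored['issued'] > CSRF_TTL) {
        return false;                              // token expired
    }
    return hash_equals($stored['value'], $submitted); // constant-time comparison
}

// Constructed demo with fixed timestamps so the run is repeatable.
$session = [];
$token = csrf_issue($session, 1000);
var_dump(csrf_verify($session, $token, 1010));     // genuine form post
var_dump(csrf_verify($session, $token, 1020));     // replay of the same token
csrf_issue($session, 2000);
var_dump(csrf_verify($session, null, 2010));       // cross-site post carrying no token
$late = csrf_issue($session, 3000);
var_dump(csrf_verify($session, $late, 3000 + CSRF_TTL + 1)); // submitted after expiry
```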